Appendix A: Case Statistics from the Dutch High Tech Crime Unit

The data and statistics below represent a sample of 32 data breach investigations by the Dutch National High Tech Crime Unit reaching back to 2006. As mentioned in the methodology earlier in our report, the NHTCU caseload varies from year to year, data breaches being only one aspect of their mission. The NHTCU targets cases they classify as “high tech crime,” which can roughly be defined as those forms of crime that are organized, target computer systems, and use sophisticated new technology or methods. Cyber-related issues that target vital national interests are also taken up.

These 32 breaches encompassed a total of 144,076 data records confirmed by the NHTCU to be compromised. However, the extent of data loss could not be determined for the majority of incidents, so this figure represents the lowest end of the potential range (we discuss reasons for this in the main report).

In this section, we highlight findings from these investigations, concentrating on the agents, actions, assets, and attributes involved. In reviewing this data, you will see that these are not unlike those seen in both the Verizon and USSS case sets over the last several years.

Demographics

The NHTCU’s cases spanned several different industries, organizational sizes, and locations. The top victim industry was that of Financial Services, which included some of the largest banks in the Netherlands as well as others throughout Europe and the United States. Those victims within the Education industry consisted mostly of European universities. Technology Services victims were a mix of managed IT and security services firms and software development shops. Several of these organizations lost valuable IP and other sensitive data. Per Table 2, organizational size was weighted toward larger organizations.

Agents

Every case involving a data breach within the NHTCU’s incidents involved an external agent, of which most were from Eastern and Western Europe. Based on the details of case selection listed above, it’s not surprising that three-quarters of the external agents are categorized as organized criminal groups. The next largest group is unaffiliated person(s). One of the NHTCU’s investigations included an insider who did not act deliberately, but nonetheless broke a policy regarding the reuse of corporate passwords that led directly to one of the data breaches. Yet another dataset showing a strong majority of external agents in both frequency and data loss. Isn’t that interesting?

Industry groups represented by number of breaches

Financial Services    16
Education              7
Tech Services          7
Government             1
Retail                 1

Organizational size by number of breaches (number of employees)

1 to 10                0
11 to 100              1
101 to 1,000           4
1,001 to 10,000        9
10,001 to 100,000     14
Over 100,000           2
Unknown                2

Actions

The top three threat action categories were Hacking, Malware, and Social. The most common types of hacking actions used were the use of stolen login credentials, exploiting backdoors, and man-in-the-middle attacks. These were often carried out via the web or backdoors opened